
  • isAuthenticated() is always false.

    Hi All,
    I am using the UsernamePasswordAuthenticationToken for authentication. I can see the following in the log:


    [java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.core.StatementCreatorUtils - Setting SQL statement parameter value: columnIndex 1, parameter value [testuser], valueClass [java.lang.String], sqlType 12
    [java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Closing JDBC connection
    [java] 2005-03-16 14:35:09,054 DEBUG plicationContext - Publishing event in context [ plicationContext;hashCode=25699763]: net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@c9630a: Username: testuser; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]

    There is an AuthenticationSuccessEvent but the Authenticated property still shows false. When and how does the authenticated property get set to true?

    Any ideas??

    Thanks in advance

  • #2
    This sounds like a very similar problem to my post ref:

    upgrading 0.8.0 Null authentication SecureContextImpl


    • #3
      Just looked at the source for DaoAuthenticationProvider and UsernamePasswordAuthenticationToken...

      Basically it looks like on a successful auth, the DaoAuthenticationProvider is simply returning a new UsernamePasswordAuthenticationToken with the same exact properties you supplied in the first place. It never runs setAuthenticated(). I'd say this is a bug.

      Here's the method in question from DaoAuthenticationProvider:
      (the authentication passed in is the original Authentication object)
      protected Authentication createSuccessAuthentication(Object principal,
              Authentication authentication, UserDetails user) {
          // Ensure we return the original credentials the user supplied,
          // so subsequent attempts are successful even with encoded passwords.
          // Also ensure we return the original getDetails(), so that future
          // authentication events after cache expiry contain the details
          UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
                  authentication.getCredentials(), user.getAuthorities());
          result.setDetails((authentication.getDetails() != null)
              ? authentication.getDetails() : null);
          return result;
      }
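
A self-contained model of the behaviour described in post #3, as an added example that is not part of the thread or of Acegi Security's own code. `SimpleToken`, `successWithoutFlag` and `successWithFlag` are hypothetical stand-ins, and the user and authority values are constructed.

```java
// Added illustration: simplified stand-ins, not Acegi Security classes.
public class AuthenticatedFlagDemo {

    /** Hypothetical token: the flag is per-object state and starts out false. */
    static final class SimpleToken {
        final String principal;
        final String[] authorities;
        private boolean authenticated;   // defaults to false
        SimpleToken(String principal, String[] authorities) {
            this.principal = principal;
            this.authorities = authorities;
        }
        boolean isAuthenticated() { return authenticated; }
        void setAuthenticated(boolean value) { this.authenticated = value; }

        @Override public String toString() {
            return "Username: " + principal + "; Authenticated: " + authenticated
                + "; Authorities: " + authorities.length;
        }
    }

    /** Shape described in post #3: a fresh token is built, the flag is never touched. */
    static SimpleToken successWithoutFlag(SimpleToken request, String[] loaded) {
        return new SimpleToken(request.principal, loaded);
    }

    /** Variant that marks the fresh token once the credential check has passed. */
    static SimpleToken successWithFlag(SimpleToken request, String[] loaded) {
        SimpleToken result = new SimpleToken(request.principal, loaded);
        result.setAuthenticated(true);
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data: the request carries no authorities yet.
        SimpleToken request = new SimpleToken("testuser", new String[0]);
        String[] loaded = { "ROLE_USER" };   // constructed authority name
        SimpleToken a = successWithoutFlag(request, loaded);
        SimpleToken b = successWithFlag(request, loaded);
        System.out.println("request : " + request);
        System.out.println("no flag : " + a);
        System.out.println("flag set: " + b);
        // An access check must read the flag on the returned token; the request
        // object is a separate instance and stays unauthenticated either way.
        if (request.isAuthenticated() || a.isAuthenticated() || !b.isAuthenticated()) {
            throw new IllegalStateException("unexpected flag state");
        }
    }
}
```

In this model, anything that logs the request object after a successful check still reports it as unauthenticated, whichever variant built the returned token.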


      • #4


        • #5
          That makes some more sense.